The attack on Twitter was the largest co-ordinated social media attack we’ve seen in a very long time.

High-profile, legitimate Twitter accounts belonging to Jeff Bezos, Elon Musk, Barack Obama and many more were compromised and used to post Tweets urging users to send money to a Bitcoin wallet, with the claim that it would be doubled in return.

But how did it happen?

There are three potential attack vector candidates:

• Social Engineering – The original statement from Twitter suggests that this attack is believed to have been a co-ordinated social engineering attack, targeting Twitter employees in order to gain unauthorised access to internal tools and systems.

• Architectural vulnerability – Speculation from different outlets has led to the belief that this may be down to a deeply ingrained vulnerability, primarily within the Twitter administrative toolset, which could potentially allow an attacker to bypass authentication, or to post Tweets on behalf of an account they don’t already have access to.

• Account Compromise – It is suspected that attackers may have compromised accounts individually using a technique dubbed “SIM swapping”.

SIM swapping is a fraudulent account-takeover attack which involves the compromise of individual credentials, in combination with social engineering of a mobile or telecommunications provider to have the victim’s mobile number ported to a new SIM card. This method allows an attacker to bypass Two-Factor Authentication mechanisms that deliver codes to the victim’s phone number, since those codes now arrive on the attacker’s SIM.